Problem wtih Adding IP Ranges in Firewall

I wanna add ip ranges of Cloudflare(see https://www.cloudflare.com/ips/) in whitelist in Cloudflare. Still, only /16 or /24 ip ranges can be allowed in access rules, even /8 ip ranges are not allowed. What should I do?

Use Firewall Rules instead of IP Access Rules.

But that shouldn’t be neccessary except of Cloudflare Always Online, Diagnostics and Speed check

I can’t use the firewall. as the domain name is providing with sftp services(i.e. port 22) and is not providing with web services(i.e. port 80 or 443).

So…what exactly are you trying to stop? There’s no need to have Cloudflare whitelist itself. Is this using Spectrum on your Enterprise plan?

yes, I am using spectrum and using ip access rules to block everything. I want to add ip ranges of Cloudflare in whitelist, only /16 or /24 ip ranges can be allowed in access rules.

Whitelist the ASN then

AS13335

That should fit all your needs :slight_smile:

If you don’t want that, you need to split all ranges into smaller networks like /24. Not that hard, but needs some time to add them

1 Like

It’s a good idea!. But it’s quite strange that some ip ranges do not have as number, such as 131.0.72.0/22 and 108.162.192.0/18(see https://www.ultratools.com/tools/asnInfoResult?domainName=131.0.72.0&as_sfid=AAAAAAXO6F2nmoYTTRbCfcWIgjxU_cu2AliDLDowI0KzYwObckI2ECJp8gwrVtNhCxSsy5dOdZDwKcB6I1uiIgVrY-nqh0oYvbXGj2X9J2lLTj35Y31CENnaueaqXx6b61mnMzY%3D&as_fid=29e8f55b50ced538c84f57420bef114b8b7b8a1e).